Subject: Trouble setting up Windows / Linux cipe connection
From: "Martin Bene" <martin.bene,AT,icomedias,DOT,com>
Date: Thu, 31 Jan 2002 17:11:47 +0100

Hi, I'm trying to get the following config set up:

Roaming Windows user (laptop, connects via dialup/adsl/whatever) needs to 
connect to company internal lan.

What I'd like to set up:

company lan              cipe gw/int    cipe gw ext --- ---
                                                w2k box, dynamic address
                                                w2k cipe interface:

Basically I'd like to give the Windows box an address from inside the company 
lan; some problems, however:
 * W2K box doesn't have a fixed IP address
 * W2K box is sometimes connected directly to the company internal lan.
 * W2K box only needs the connection sometimes, not all the time (may be 
connected behind a dial-on-demand router - don't want the cipe stuff to keep 
the link up when not needed).

So, there's a bunch of questions how to best do this:
 - can the local IP address be left empty / automatically acquired in cipe for 
 - since the cipe network adapter shows up as a normal (fixed) network 
interface, how can I best enable/disable it? hint: when trying to disable the 
interface in "network and dialup interfaces" I get a blue screen more often 
than not; version used is 2.0-pre9.

Another question: when setting up with fixed addresses, the above doesn't 
seem to work: I can ping the cipe gw over encrypted link, but no other hosts 
(cipe gateway does proxy arp for w2k box). The problem is that packets for 
other hosts on the company net aren't sent over the cipe tunnel from the w2k 
machine; probably because the cipe tunnel doesn't show up as a point-to-point 

So: is the configuration I'd like even possible, or should I use a completely 
separate address space for the cipe tunnels?

Thanks for any hints, 


PS: the above config works fine using poptop/pptp; the only problem is that 
there are quite a few situations where the remote connection for the w2k box 
doesn't support/allow the pptp protocol; plain UDP packets probably have a much 
better chance of getting through, esp. if the connection goes through some 
kind of NAT. Also, pptp security isn't all that great.

